IPv4 and IPv6 Firewalls

I just got my Turris Omnia yesterday and am curious about built in firewalls.

Is there NAT for IPv4 and does the router block incoming IPv6 traffic by default?


Yes. IMO unfortunately regarding IPv6, since it breaks the end-to-end connectivity, which should be one of the points of having IPv6. Anyway, this can be fixed by a simple firewall rule like this:

config rule
        option name 'IPv6 in'
        option family 'ipv6'
        option src 'wan'
        option dest '*'
        option target 'ACCEPT'

If you feel this is too much open, you can restrict the rule just for dynamic ports so most PtP applications could work by adding these two lines:

        option proto 'tcpudp'
        option dest_port '49192-65535'

I would like to connect to SSH via IPv6 on a separate WAN port.
My ISP provides IPv6 as well, and I have enabled WAN6, each device has dedicated IPv6 address.
I am having SSH Honeypot configured, as described in the forum, with port forward of WAN port 22 to the honeypot.
As well I have SSH on port 22 (LAN), which is accessed from WAN via a different port (let’s say 9022) using port forward.
This setup is working well for IPv4.

My question is how I can achieve the very same on IPv6, basically access SSH on WAN port 9022?
I have mainly out of the box Turris Omnia, the SSH listening on IPv6 as well, and I read that port forward is not supported in IPv6. How I can achive than such cross wiring of ports?